james-server-dev mailing list archives

From Eric Charles <e...@apache.org>
Subject Re: LDAP Login
Date Thu, 19 Jul 2012 07:56:49 GMT
Hi Merve,

For now, only Read-only users can be stored in LDAP.

This means the domains have to be persisted in database (via JPA, the 
default - XML is another option, but less flexible as you can not add 
users while server is running).

With LDAP for users, you can not add users via the James CLI (you need 
to use a direct connection to LDAP).

Upon the documentation you gave, what about adding a simple ldif file 
with a few users that could directly be loaded in a vanilla ApacheDS and 
that will work with the Apache James default LDAP configuration?

Thx,
Eric



On 07/19/2012 09:37 AM, Merve Temizer wrote:
> Hello Eric,
>
> Thanks for attention, I wrote something for ApacheDS example,
> I think with a concrete LDAP server example, everything might be more clear.
> There is still something I want to ask, do we have to manage domains with
> JPA, or is there any other possibility.
>
> =====================================================================================
> STEPS TO AUTHENTICATE JAMES WITH LDAP (ApacheDS for this case)
>
> Delete record about JPA in James's conf/usersrepository.xml
>
> and add below lines, the last view must be like this:
>
> <xml>
>   <repository name="LocalUsers"
>       class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository"
>       ldapHost="ldap://localhost:10389"
>       principal="uid=admin,ou=system" credentials="secret"
>       userObjectClass="inetOrgPerson" userBase="ou=users,ou=system"
>       userIdAttribute="uid">
>     <UsersDomain>example.com</UsersDomain>
>     <LDAPRoot>dc=example,dc=com</LDAPRoot>
>     <MailAddressAttribute>mail</MailAddressAttribute>
>     <IdentityAttribute>uid</IdentityAttribute>
>     <AuthenticationType>simple</AuthenticationType>
>     <ManagePasswordAttribute>TRUE</ManagePasswordAttribute>
>     <PasswordAttribute>userPassword</PasswordAttribute>
>   </repository>
> </xml>
>
> To explain a little;
>
> In ApacheDS's default construction, there is a root having
> "dc=example,dc=com"
>
> Because of this, the lines should be added:
>
> <UsersDomain>example.com</UsersDomain>
> <LDAPRoot>dc=example,dc=com</LDAPRoot>
>
> And a domain called "example.com" should be added to James, it saves the
> info about domains still in JPA.
>
> ${james_root}/container-spring/target/appassembler/bin/james-cli.sh -h localhost adddomain example.com
>
> ApacheDS's admin is admin under "ou=system" entry, and its default password
> is "secret" thus, we need below attributes:
>
> principal="uid=admin,ou=system" credentials="secret"
>
> In ApacheDS when you want to add an entry it requires object classes, it
> should be selected, "inetOrgPerson" and it put a few more automatically
> thus the attribute should be added in configuration:
>
>   userObjectClass="inetOrgPerson"
>
> Users are under entry "ou=users,ou=system" , thus the attribute should be
> added:
>
> userBase="ou=users,ou=system"
>
> For ApacheDS, userIdAttribute is "uid", thus it is specified:
>
> userIdAttribute="uid"
>
> In ApacheDS new users should be added under "ou=users,ou=system", with a
> "uid" and a "userPassword" attributes.
> Also while adding new user, the DN should contain "uid".
>
> While querying James using e.g. POP3,
>
> USER yourUsersUID@example.com
> PASS yourUsersPassword
>
> should be used.
>
> ========================================================================================================
>
> 2012/7/18 Eric Charles <eric@apache.org>
>
>> That's really great news!
>> Would you mind writing a few paragraphs to be pushed on our website?
>>
>> Thx again Merve for being so tenacious and having found the way.
>>
>> Eric
>>
>>
>> On 07/18/2012 03:21 PM, Merve Temizer wrote:
>>
>>> Hi,
>>>
>>> Apache James has been configured to talk with ApacheDS LDAP server
>>> successfully.
>>>
>>> The configuration clues in
>>>
>>> https://issues.apache.org/jira/browse/JAMES-747
>>>
>>> make me be patient and try more things.
>>>
>>> I am going to tell what I exactly do in my blog.
>>>
>>> Thanks for helps.
>>>
>>>
>>> 2012/7/17 Eric Charles <eric@apache.org>
>>>
>>>> Hi,
>>>> If any user/developer has already run james with ldap, I'm also
>>>> interested
>>>> to know how to configure it.
>>>>
>>>> [1] and [2] are not helpful enough to use it directly.
>>>>
>>>> Thx, Eric
>>>>
>>>> [1] http://james.apache.org/server/archive/usingLDAP_v1_2.html
>>>> [2] http://james.apache.org/server/3/config-users.html#LDAP_Users_Repository
>>>>
>>>>
>>>>
>>>> On 07/17/2012 04:41 PM, Merve Temizer wrote:
>>>>
>>>>> Hello,
>>>>> How can I login as my user in LDAP?
>>>>> I have users in ApacheDS under ou:users,ou:system and they have dn s
>>>>> also
>>>>> cn s.
>>>>> What should I write in "mail from" and "rcpt to" fields while sending
>>>>> emails through "telnet localhost 25"?
>>>>>
>>>>>
>>>>>
>>>> --
>>>> eric | http://about.echarles.net | @echarles
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>> --
>> eric | http://about.echarles.net | @echarles
>>
>>
>>
>>
>


-- 
eric | http://about.echarles.net | @echarles


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
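
Eric's reply asks for a simple LDIF file with a few users that loads into a vanilla ApacheDS and matches the configuration quoted above. The following is an added example, not part of the original thread or of James itself: a Python generator for such a file that takes `userBase`, `userObjectClass`, `userIdAttribute` and the domain from the quoted `usersrepository.xml`. Assumptions: the directory accepts `{SSHA}` hashed `userPassword` values for simple bind, uids are restricted to the pattern shown, and the sample users and passwords are constructed.

```python
import base64
import hashlib
import hmac
import os
import re

# Values taken from the usersrepository.xml quoted in the thread.
USER_BASE = "ou=users,ou=system"
USER_OBJECT_CLASS = "inetOrgPerson"
USER_ID_ATTRIBUTE = "uid"
USERS_DOMAIN = "example.com"
SAFE_UID = re.compile(r"[A-Za-z0-9._-]+")  # assumption: restrictive uid policy

def ssha(password, salt=None):
    """{SSHA} value: base64(SHA1(password + salt) + salt), with a random salt."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(password, stored):
    """Recompute the hash with the salt embedded in `stored` and compare."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def user_entry(uid, common_name, surname, password):
    """Build one LDIF record; the DN contains the uid, as the thread requires."""
    if not SAFE_UID.fullmatch(uid):
        raise ValueError(f"unsafe uid for a DN/LDIF line: {uid!r}")
    return "\n".join([
        f"dn: {USER_ID_ATTRIBUTE}={uid},{USER_BASE}",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        f"objectClass: {USER_OBJECT_CLASS}",
        f"{USER_ID_ATTRIBUTE}: {uid}",
        f"cn: {common_name}",
        f"sn: {surname}",
        f"mail: {uid}@{USERS_DOMAIN}",
        f"userPassword: {ssha(password)}",
    ]) + "\n"

def build_ldif(users):
    """LDIF records are separated by a blank line."""
    return "version: 1\n\n" + "\n".join(user_entry(*u) for u in users)

if __name__ == "__main__":  # constructed sample users
    print(build_ldif([("alice", "Alice Example", "Example", "change-me-1"),
                      ("bob", "Bob Example", "Example", "change-me-2")]))
```

Because the stored value is a salted hash, the generated file does not carry the users' cleartext passwords; a user created this way would log in over POP3 as `alice@example.com`, following the thread's `USER yourUsersUID@example.com` form.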

